Privacy Policy

ITLOX LTD trades as AegisWire (“AegisWire”, “we”, “us”, “our”). We are a business-to-business (“B2B”) software and infrastructure company providing secure transport and enterprise VPN platform services. We are not a consumer business.

For data protection purposes, AegisWire acts as a data controller in relation to personal data collected through our website and marketing activities. For personal data processed within the platform on behalf of enterprise customers, AegisWire acts as a data processor — see our Data Processing Addendum.

Our primary contact for data protection matters is: legal@aegiswire.com

2.1 Website and Enquiry Data

When you visit our website or submit an enquiry, we collect:

2.2 Platform and Technical Data (Processor Role)

When enterprise customers deploy the AegisWire platform, we process technical data (such as session metadata, policy logs, and cryptographic handshake records) on their behalf as a data processor. This processing is governed by our Data Processing Addendum and the applicable customer contract, not this Privacy Policy.

2.3 Cookies

We use cookies and similar technologies as described in our Cookie Policy.

2.4 Data We Do Not Collect

We do not knowingly collect data from children under 16. We do not sell, rent, or broker personal data to third parties. We do not use personal data collected through the website for profiling or automated decision-making that produces legal or similarly significant effects.

We use personal data collected through the website to:

• Respond to enquiries, demo requests, and sales conversations.
• Send transactional communications about your request or account.
• Send product and marketing updates where you have provided consent or where we have a legitimate interest and you have not opted out.
• Comply with legal and regulatory obligations.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Improve and develop our website and services.

We do not use your personal data for purposes incompatible with those stated above without your consent or a lawful basis under applicable law.

Where GDPR or UK GDPR applies, we rely on the following lawful bases:

• Legitimate interests: Processing enquiry data and basic website analytics to operate our business, where those interests are not overridden by your data protection rights.
• Consent: Where you have expressly opted in to marketing communications. You may withdraw consent at any time by emailing legal@aegiswire.com.
• Contract: Where processing is necessary to take pre-contractual steps or to perform a contract with you or your organisation.
• Legal obligation: Where processing is required to comply with applicable law.

We do not sell your personal data. We share data only as follows:

5.1 Service Providers (Processors)

We engage the following categories of service provider who process personal data on our behalf:

• Cloud infrastructure: Amazon Web Services, Inc. (AWS), used for hosting, email delivery, and DNS. Data may be processed in the United States (us-west-2 region). See international transfers below.
• Email delivery: AWS Simple Email Service (SES) for transactional email.
• Analytics: Where enabled, limited website analytics providers.

All processors are contractually bound by data processing terms requiring adequate security and prohibiting use of data for their own purposes.

5.2 Legal and Regulatory Disclosures

We may disclose personal data where required by law, court order, regulatory authority, or to protect the legal rights, property, or safety of AegisWire, our customers, or the public.

5.3 Corporate Transactions

In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections. We will notify you of any such change where required by law.

Our primary infrastructure is hosted on AWS in the United States (us-west-2, Oregon). Where personal data is transferred from the European Economic Area (EEA) or the United Kingdom to a country that is not subject to an adequacy decision, we rely on appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• The UK International Data Transfer Addendum where applicable.
• AWS’s participation in certified frameworks where applicable.

You may request a copy of our transfer safeguards by contacting legal@aegiswire.com.

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required by law:

• Enquiry and contact data: up to 3 years from the date of last meaningful interaction, unless you request earlier deletion.
• Marketing consent records: for the duration of your consent plus a reasonable period for legal compliance.
• Contractual and billing data: for the duration of the contract plus the period required by applicable law (typically 6–7 years for financial records).
• Security and fraud logs: up to 12 months unless a longer period is required for an ongoing investigation.

8.1 Rights Under GDPR and UK GDPR

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights in relation to your personal data:

• Right of access: to obtain a copy of the personal data we hold about you.
• Right to rectification: to correct inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”): to request deletion of your personal data where there is no compelling reason to continue processing it.
• Right to restriction of processing: to ask us to pause processing of your data in certain circumstances.
• Right to data portability: to receive your personal data in a structured, machine-readable format.
• Right to object: to object to processing based on legitimate interests or for direct marketing at any time.
• Rights related to automated decision-making: we do not make solely automated decisions with legal or significant effects, but you have the right to request human review if you believe otherwise.

To exercise any of these rights, contact legal@aegiswire.com. We will respond within one calendar month. We may need to verify your identity before processing a request.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk). In the EEA, contact your national data protection authority.

8.2 US State Privacy Rights

AegisWire is a B2B platform and does not sell personal data. Residents of US states with applicable privacy laws (including California CCPA/CPRA, Virginia VCDPA, Colorado CPA, and others) may have rights to know, delete, opt-out of sale (we do not sell), and non-discrimination. To make a request, contact legal@aegiswire.com.

AegisWire implements technical and organisational measures to protect personal data, including encryption in transit, access controls, and security monitoring. Details are set out in our Security & Trust Centre.

However, no method of transmission over the internet is completely secure. We cannot guarantee absolute security and you transmit data at your own risk. Where we become aware of a personal data breach, we will comply with our notification obligations under applicable law.

We may update this Privacy Policy from time to time. Material changes will be notified by email or by prominent notice on our website before they take effect. The “Last updated” date at the top reflects the most recent revision. Your continued use of the website or platform after the effective date constitutes acknowledgement of the updated policy.

For any privacy-related queries, data subject requests, or to report a concern:

ITLOX LTD (trading as AegisWire)
Email: legal@aegiswire.com
General: intl@aegiswire.com